|
With PHP, JavaScript and many more, there are far, far too many frameworks and related APIs. This doesn't mean that programmers can't create their own modules and plugins, but why re-create the wheel when a working example of such a module/plugin exists that you may, if that functionality has been programmed in, then manipulate to some extent? Remember that creating modules/plugins can be both time consuming and expensive, and often the customer wants something created with minimal fuss, for minimal cost, and quickly.
It is perfectly fine if you want to write a PHP application from scratch; I'm sure the chaps from WordPress or Magento or Prestashop or Laravel etc. would welcome the competition. But answer this: are you prepared to spend a huge amount of time, energy and potentially money writing such a behemoth and then give it away as freeware (or as a free community version) like the names I used above? And the same arguments are relevant for the many frameworks evident with JavaScript - Angular.js - for example.
Besides, it is not as though in the Microsoft world there are no modules/plugins as there are thousands (perhaps many hundreds) there as well.
Yes, plugins/modules can become problematic when updated, so taking precautions is necessary.
modified 1-Aug-19 21:02pm.
|
Sure - I understand in terms of convenience and speed.
Is there anything to be said about being cautious about using free third party software whose dependencies may break one day?
I know it's a case of degree and even the .Net framework could be broken by Microsoft - however I have more faith in the .Net framework not doing this than having a business running on tens of 'plugins' that could have security vulnerabilities or just break one day due to connected libraries that get updated.
I had some experience trying to get OAuth running with .Net and the number of libraries and dependencies I had to include was fairly large. Some of these libraries were also non-functional and I had to go in and fix these bugs myself.
The points you make are ones I have already heard - do you however see any dangers in this practice and a need for caution when avoiding coding PHP/JavaScript yourself?
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
Of course there are horror stories when a badly written/configured/deployed update can kill a website. This is no different from an Android updated application applied to your Android smartphone that subsequently causes problems, but not problems to all smartphones. Equally, you can have different results using Microsoft's offerings from the Windows Operating Systems and so on on different machines, some of same or similar hardware from something that works well to something that makes the computer wholly unusable.
As you know, you have to be defensive before you deploy, alas, many non-professionals (and no doubt some professionals as well) just either don't know/understand or for the many reasons that we all should know of, can't be bothered, let alone the commercial pressures to get the latest and greatest thing "up there yesterday if not before".
The .net framework, written by Microsoft, was a major undertaking that must have cost millions of man-hours and millions of dollars. PHP, for example, does not expect to match Microsoft offerings, it hasn't that corporate structure let alone the finance to do better than it has done on shoestring budgets and, over a period of time, community volunteers.
There are many dangers. An organisation could be severely hurt if their e-commerce offerings suddenly died or became problematic if an update fails in some way.
GuyThiebaut wrote: about being cautious about using free third party software
If you look at the repositories of, for example - Drupal or WordPress - you can see how many times a plugin has been downloaded, its star rating, whether it is still being developed, and the reviews. There is some degree of trust that can be placed in many plugins/modules, but a risk always remains...
modified 1-Aug-19 21:02pm.
|
Thanks Richard.
Your replies are very helpful and give me some perspective on my concerns
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
Don't know if the Microsoft NuGet repository checks and tests plugins/modules before NuGet will include them. WordPress, Drupal, Prestashop and others do not permit plugins/modules/Themes/etc into their repository without testing them. But that doesn't say what testing and how much testing was done.
In terms of security, you can always take the time, if you got the time, to look at the source code of plugins/modules to ascertain how they deal with data before it hits the database, or issues surrounding XSS and other nasties. But the twin enemies of time and money may forbid you from doing much more than a cursory glance.
modified 1-Aug-19 21:02pm.
|
A well designed site will not break down with one or more plugins not loaded - it will only malfunction in some parts, and even there not completely...
For instance - if you use an input box extension to control the input formatting, you will lose only that, but the user will still be able to input values...
So, even it is true that there is some risk in calling in plugins, that risk can be calculated and minimized by choosing those plugins carefully...
My main points for that are:
1. The plugin must be tested and reasonably matured...
2. I never use a plugin with tens of features to solve a single problem (in that case I may write it for myself or compile only the relevant parts of the plugin from the source)
The reason to pick a plugin is to shorten the development time... We all have problems (in 99.99% of the cases) that have one or more solutions somewhere... and you can use it as an idea, as copy-paste code or as a plugin/library...
I do agree with you that writing all your code is the best way to stay in control, but think of it... you use the built-in .NET classes with no hesitation... Why? Do you believe those are better written/tested... Why?
So in my opinion using plugins is not different from using any other (built-in/open or closed source/paid or free) library/plugin/class/feature/function/method - you have to test and pick carefully...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
And this one is for you:
http://www.commitstrip.com/en/
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
Hello,
I am wondering if the following methods in my script are vulnerable to a DOM XSS attack? If yes, what is the best practice for writing them? Kindly help if you can give guidance about it.
1. document.createElement()
2. document.getElementsByTagName()
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
Thank you for your time.
Best Regards,
Supriya
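For the question above, an added example (not part of the original post and not Google's code): DOM XSS needs visitor-controlled data to reach a sink such as a script element's `src`, and in the posted snippet the only page-derived input is the protocol, which merely selects between two hard-coded strings. The names `ALLOWED_SCRIPT_HOSTS`, `gaScriptUrl`, `safeScriptSrc` and `loadScript` are hypothetical; the sketch shows the allowlist check to apply when a script URL is not a constant.

```javascript
// Added example; all names here are hypothetical, not from the original post.
const ALLOWED_SCRIPT_HOSTS = new Set([
  'ssl.google-analytics.com',
  'www.google-analytics.com',
]);

// Same logic as the posted snippet: the protocol only picks one of two
// fixed strings, so no visitor-controlled text ends up in the URL.
function gaScriptUrl(protocol) {
  return ('https:' === protocol ? 'https://ssl' : 'http://www') +
    '.google-analytics.com/ga.js';
}

// Guard for the risky variant, where the URL is built from data a visitor
// can influence (location.hash, location.search, postMessage, ...).
// Returns the normalised URL, or null if it must not be loaded.
function safeScriptSrc(candidate) {
  let url;
  try {
    url = new URL(candidate); // no base: relative and "//host" forms throw
  } catch (e) {
    return null;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  if (url.username || url.password) return null; // "trusted@other-host" trick
  if (!ALLOWED_SCRIPT_HOSTS.has(url.hostname)) return null; // exact match only
  return url.href;
}

// createElement() and getElementsByTagName() are not the problem by
// themselves; what matters is the value assigned to .src.
function loadScript(doc, candidate) {
  const src = safeScriptSrc(candidate);
  if (src === null) return false;
  const el = doc.createElement('script');
  el.async = true;
  el.src = src;
  const first = doc.getElementsByTagName('script')[0];
  first.parentNode.insertBefore(el, first);
  return true;
}
```

In a browser, call `loadScript(document, url)`; a Content-Security-Policy `script-src` directive listing the same hosts enforces the allowlist even if a code path skips the check.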
|
How to fake or declare Kendo controls in a Jasmine test? I can spy on the method that has the code, but now I want to test the logic in JavaScript.
javascript/Angularjs
var grid = $("#Grid").data("kendoGrid");
var multiselect= $('#multiselect').data('kendoDropDownList').value();
the errors I get is Cannot read property 'dataItems' of undefined and Cannot read property 'dataItems' of null respectively
MVC
My control is as follows: @(Html.Kendo() .MultiSelectFor(m => m.id) .Name("Test")) in the View
Thanks in advance
Phetole
|
I have developed a website using CSS and HTML. Would anybody mind checking my site and giving me a good suggestion? My site is http:
|
It needs a lot of work. The UI looks pretty weak. I'd suggest studying CSS design techniques and looking at other sites.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
Dear Experts,
I have developed a web application using ASP.NET C#. I want to retrieve lots of images from the database and show them on a DataList control. I tried, but it shows only a cross mark instead of the actual image.
Please help me.
|
Hi. I have created an ASP.NET MVC 4 application and I published it on a ftp server. When I access the link, it shows me the files that are in the folder, not the index page, so I think something is missing from there. Can anybody tell me if I have to do something else after publishing the project? I just created a project and I uploaded to the server to see if it works.
|
Sorry for repost, I thought I have chosen the wrong category.
|
Thank you for your reply. I have found the problem.
The problem was caused by the web server, because it didn't accept ASP.NET version for my project. So I have to choose another provider.
Sorry for repost, I thought I have chosen the wrong category.
|
I am presently working on a web application using PHP, but I don't know how to limit the number of users connected to the system via a router. Please, is there a way to go about this? Any answer would be appreciated. Thank you.
|
Where have you deployed your web application? Is it a web server or a development PC? How do you plan to limit the users (from the web server or from the network router)?
|
I am using a web server (Wamp).
|
How to define +91 as the default value on a TextBox in simple HTML, and what is a good way when we have to save it in the database?
|
Can you explain a bit more? Do you want to prefix the +91 country code to your textbox value here?
modified 20-Sep-20 21:01pm.
|
Please do not crosspost.
Just put value="+91" on the textbox and that will default it.
There are only 10 types of people in the world, those who understand binary and those who don't.
|